WEB APPLICATION VULNERABILITIES Standard & Premium

SugarCRM Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14974)

Description

SugarCRM Enterprise 9.0.0 allows mobile/error-not-supported-platform.html?desktop_url= XSS.

Remediation

References

Related Vulnerabilities

MySQL CVE-2018-2786 Vulnerability (CVE-2018-2786)

WordPress Plugin MailChimp for WooCommerce Local File Inclusion (2.1.1)

WordPress Plugin Fancy Product Designer-WooCommerce Cross-Site Request Forgery (4.7.5)

MySQL CVE-2019-2584 Vulnerability (CVE-2019-2584)

WordPress Plugin ZooEffect for Video player Photo Gallery Slideshow jQuery and audio/music/podcast-HTML Cross-Site Scripting (1.01)

Severity

Medium

Classification

CVE-2019-14974 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities